Enabling Azure Container Registry Authentication

This course introduces you to container security, Azure Container Registry authentication, Kubernetes clusters, and Microsoft Defender for Containers.

Learning Objectives

  • A solid understanding of what options are available for securing your containerized applications in Azure and how to protect them from emerging threats

Intended Audience

  • Developers, IT professionals, and security experts who are looking to understand the different ways to secure their containerized applications in Azure


Prerequisites

  • Basic understanding of containerized computing in Azure

Welcome to Enabling Azure Container Registry Authentication. In this lesson, we'll be discussing the different ways you can authenticate with an Azure container registry, along with the scenarios they're best suited for.

So, first things first, it's important to know that you can authenticate in several different ways. Each way will be applicable to a different usage scenario. For example, you can authenticate to a registry directly via an individual login, or you can configure your applications and container orchestrators to perform what is called "headless" authentication via an Azure AD service principal.

When working with a registry directly, you can authenticate by using the az acr login command in the Azure CLI. This allows the CLI to use the token that was created when you logged in with the az login command to authenticate your session with the registry.

On the other hand, assigning a service principal to the registry allows applications or services to use it for headless authentication. Service principals allow role-based access to a registry, while also allowing you to assign multiple service principals to the registry. Roles that are available for a container registry include AcrPull, AcrPush, and Owner.

Each container registry also includes an admin user account. This admin account, however, is disabled by default. That said, it can be enabled if necessary via the Azure portal, the Azure CLI, or other Azure tools. The admin account has two passwords, both of which can be regenerated. This allows you to maintain a connection to the registry by using one password while regenerating the other if necessary. 
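As an added example (not part of the course), the shell function below uses the Azure CLI to audit the options just described: whether the admin account is enabled, and which roles service principals hold on the registry. It assumes an existing az login session with read access to the registry and its role assignments; treating any role other than AcrPull or AcrPush as too broad for a headless identity is this example's own policy assumption.

```shell
#!/bin/sh
# Added example, not the course's code. Usage: sh audit.sh <registry-name>

# Azure resource IDs are case-insensitive, so compare them lowercased.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

acr_auth_audit() {
  registry="$1"
  tab=$(printf '\t')

  # The admin account is disabled by default. When enabled, its two shared
  # passwords are not tied to any individual identity.
  admin=$(az acr show --name "$registry" --query adminUserEnabled --output tsv)
  if [ "$admin" = "true" ]; then
    echo "FINDING admin-user-enabled registry=$registry"
  fi

  # Service principals with a role on the registry, including roles
  # inherited from the resource group or subscription.
  scope=$(az acr show --name "$registry" --query id --output tsv)
  az role assignment list --scope "$scope" --include-inherited \
    --query "[?principalType=='ServicePrincipal'].[principalId, roleDefinitionName, scope]" \
    --output tsv |
  while IFS="$tab" read -r principal role assigned_at; do
    [ -n "$principal" ] || continue
    case "$role" in
      AcrPull|AcrPush) ;;  # pull/push only: accepted by this example's policy
      *) echo "FINDING broad-role principal=$principal role=$role" ;;
    esac
    # A role granted above the registry also applies to sibling resources.
    if [ "$(lower "$assigned_at")" != "$(lower "$scope")" ]; then
      echo "FINDING inherited-scope principal=$principal role=$role scope=$assigned_at"
    fi
  done
}

# Run the audit when a registry name is passed on the command line.
if [ "$#" -gt 0 ]; then
  acr_auth_audit "$1"
fi
```

Each FINDING line is a prompt for review rather than proof of a problem: an enabled admin account or an Owner assignment may be intentional, but both should be deliberate choices.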

In summary, there are a few ways to authenticate with an Azure container registry, each of which is applicable to different usage scenarios. This includes authenticating directly via individual login or using an Azure AD service principal for headless authentication. Understanding the different authentication options will allow you to more effectively enable and manage Azure Container Registry authentication and ensure the security of containerized applications.

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.
